Комментарии:
a simple defense analyze the timing of the data.
if it is too slow for the capabilities of even the slowest connection say a 56k line then it comes back with "either upgrade to a faster connection or we will kick your connection and ban you for 10 minutes" or something like that or put a limit to the number of connections say 6
To come up to date a bit, this is one of the reasons why you find nginx on pretty much every front end of a load balancer these days 😆
ОтветитьCan we get the python script😢
ОтветитьRandomly ended up here and really enjoyed the demo.
ОтветитьIt's funny how simple this is and how it still works lol
ОтветитьIs this Apache vulnerability still valid today? It is far more dangerous than normal DDoS.
Ответитьcan slowloris work on a public ip address?
Ответитьdoes it still working in apache nowadays?
ОтветитьReally interesting
ОтветитьI love how excited he is about this DoS and explaining it. The explanation really helped with my studies for CEH! THanks!
ОтветитьI wonder... how many russian propganda media outlets are vulnerable to this attack?
Asking out of pure curiosity, of course... Timing of the question is purely coincidental...
So how would I know if my website is being slowloris-ed?
ОтветитьDear subtitler: He's saying "Carriage," not "Caret"
Ответитьppl still use thread per client in 2022?
ОтветитьThis reminds me of endleSSH, which is used to do prevent SSH cracking and wasting hacker’s time
ОтветитьI don't know how oversimplified is this video, but if someone is actually trying to be secure Idk how he could not think about this possibility
Ответитьyou wont let me live , you wont let me die
ОтветитьI thought this video was about Solaris and that the title and thumbnail were just a pun.
Ответитьincredible lol
ОтветитьAnd that's why you raise your hand before you participate in activities, kids.
ОтветитьThis issue should be fixed as more and more servers are using async code.
ОтветитьCan it be detected by looking into the simultaneous connection with the same IP?
ОтветитьThis is an old video, but Mike's videos are lightning my interest on ethical hacking and penetration tests. What courses would you guys recommend? I work with it for more than 15 years now, i'm a System admin with extense knowledge on scripting.
Thank you!
Why would not the firewall realize that this is an attack? You have 200 connections from the same IP. My guess would be that has something to do with NAT?
ОтветитьMy main booter has a slow loris method but it says I need a file path and in parentheses it says (/index.html) what dose that mean and how do I get that.
ОтветитьSo this is just another example of proving that async is superiour to multithreaded on IO-bound operations?
ОтветитьThis is fairly simple. But one major drawback - servers may catch up by looking at the IP adresses of each concurent connection and if it matches perfectly, they'll cut up all those connections. DDoS has the strength of multiple computers attacking the webserver and the webserver cannot deny each of that attack. Conventional DDoS attacks can be detected and pretty much mitigated by relaying your connection through multiple of caches or simply slowing the connection down a little bit to figure out what's going on. Slow Loris DDoS on the other hand would be kinda undetectable. What if 200 completely random people had painfully slow internet? One way to do this would have a botnet of 200 computers in it trying to access one single website. The other way would be route each connection through Tor (which essentially makes the Tor network your botnet).
ОтветитьI think, as computer nerds, we identify with Slow Loris. It's not out there busting down the door guns-blazing. It's using time and ingenuity to win by attrition.
ОтветитьI've got a question: Why isn't it designed in a way that only a full request can be sent/asked? Like only accept 'Get index.html' and not 'Ge' 't' 'i' 'n' etc.. I don't understand why it starts up a connection/thread when you haven't even asked a full question. Isn't it more simple to let this web-protocol thingy only handle full, finished questions?
ОтветитьBritish Peter Parker.
Also, what a neat concept!
And what makes this an original idea while it is alike to the DOS attack in a way? Additionally, many servers don't allow that bad connections and they also close the connection if the packet sent is too small.
Ответитьgreat vid
Ответитьwho ever created this attack have a brilliance way of thinking XD
ОтветитьSo like a Filibuster
ОтветитьI love this and the fact that he also loves it and tries to hide that he loves it makes it even better :D.
ОтветитьI just love his evil glee.
ОтветитьThe smile on his face when he does the attack
ОтветитьDamn
ОтветитьThat is just beautifully simple but genius 🔥💯😂
ОтветитьOmG.....give a medal to this guy
ОтветитьA get-around I can think of is not to statically allocate thread count, but to allocate based on server load
ОтветитьFinally I can hack Google
Ответитьnah man, You just have REALLY REALLY REALLY slow 1gb internet
ОтветитьIn spirit a lot like a layer 7 version of a tcp-syn attack. Hold the connection open indefinitely.
Ответитьpeople with 0.008 mbps internet
i dont even have to try it dose it by it self
Can we get a code demo of this?
Trying to protect my web servers against all the things
So, how do you combat this?
ОтветитьBut you are sending the CRLF at the end of the random number. I do not understand why
Ответитьbest explaination ............ I am blessed to watch a Channel like computerphile, david bombal etc
ОтветитьWho knew that learning how to hack would make you a computer coding genius
Ответить